Here is a reenactment of how UBS CEO Oswald Gruebel reacted when he learned about the $2 billion fraud. (That is Colin Firth portraying Gruebel on the left.)

http://www.youtube.com/watch%3Fv%3DxJvGE7Vvd4M

A headline today on CBC.ca reads “UBS case latest failure of risk management”.

I think I will spend the rest of the day being offended by the CBC. (All will be forgiven if Amanda Lang appears on the National tonight.)

Despite all the systems, oversight, controls, compliance, supervision and some other sixth thing, you can’t stop the rogue trader. Adoboli is to blame. His boss is to blame. Maybe culture or performance objectives are to blame. But risk management is not.

Saying Risk Management is to blame is like saying the police department should be blamed for a teen committing a murder: the police do their best to increase patrols in high crime neighborhoods, to take weapons off the streets, to educate teens; but police cannot stop stupid people from doing dangerous things once in while. Point the fingers at parents before the police.

Risk management is neither the cause nor the solution to a bank’s problems.

UPDATE: This post was written before it was revealed Mr Adoboli was alleged to have “accrued the record loss by carrying out a large number of transactions over the course of the three-year period, rather than through a single deal that went wrong. ” It was assumed at the time I wrote this post that the crime took place over the last few days/weeks.

 

Blessed are the risk managers: for they shall be called sons of God.

                                                                                          –  Riskczar 5:9

One can only imagine the profanity and f-words that spewed from the mouth of Maureen Miskovic, the new Chief Risk Officer at UBS, when she learned about the $2 billion rogue trading hit at UBS. I bet she made Carol Bartz look like a Ned Flanders.

It’s still too soon to know who knew what and when, but as Simon Morris explained in a Reuters article, the root cause is likely insufficient supervision:

“No rogue trader works in a vacuum, and UBS’s management must have taken its eye off the ball to allow a trader to operate on this scale without sufficient supervision and without the systems to monitor his trades”

I am sympathetic to risk managers who often make convenient scapegoats when there are likely a half-dozen people including the rogue trader’s boss, boss’s boss and boss’s boss’s boss who are more accountable than the Chief Risk Officer.

There is rarely any upside in being the head of risk management but lots of downside. I will follow Ms. Miskovic’s story with great interest.

The author of this article in Business World, Roderick M. Vega, describes fraud risk management as a sub-branch of enterprise risk management and lists the three major categories of fraud as fraudulent statements, asset misappropriation, and corruption.

Like an ERM program, he explains “Simply conducting a fraud risk assessment does not get the job done and management must be prepared and committed to act on the results. The next critical step would be to identify controls that will prevent, deter or detect the identified fraud risks.”

While this is a pretty good article about fraud risk, don’t be fooled into assuming that the best detective controls in the world are going to inoculate you completely from fraud risks. Some of the greatest frauds in the last 25 years resulted because a smart rogue trader found a way to game the system or abuse their trust one way or another. Read about Joseph Jett, John M. Rusnak, Nick Leeson or the book Infectious Greed by Frank Partnoy and you’ll get the picture.

But I think Jerome Kerviel at SocGen takes the prize for best fraud. Described by some as a “computer genius”, he apparently hacked into his bank’s computer system to disable their automatic alert system in order to hide his trades.

While Vega has written a good article on fraud risk, remember that even the best control mechanisms cannot prevent malevolent geniuses like Kerviel from ripping you off.

My favourite financial fraud of all time has to the work of John M. Rusnak at Allfirst Bank, a sub of Allied Irish Bank, perpetrated in 2001.  Following the events which cost this Irish bank tens of millions of losses, an audit report was prepared by Promontory Financial Group and Wachtell, Lipton, Rosen & Katz.

I love this audit report. It describes in brilliant detail the failures and lack of controls throughout the Maryland Bank. It is well written, hardly boring and entertaining. Anyone looking to do a quick and dirty audit of their back office operations merely has to use this report as a check list for what not to do and where the skeletons may be hiding.
In short, the fraud occurred for a variety of reasons including inadequate supervision, inadequate response to issues identified about Rusnak’s trading, difficulty confirming Rusnak’s trades.

But the best part reads like this:

The next morning, the most senior back-office manager called Mr. Rusnak down to his office and told him that the back office was having trouble confirming the Asian option trades. Mr. Rusnak had left twelve written confirmations on the back-office employee’s desk. The back-office personnel reviewed the confirmations and concluded that the confirmations looked bogus. (They were. Subsequent investigation revealed that Mr. Rusnak had created these confirmations— complete with counterfeit logos for the presumed counterparties— on his personal computer. He stored them in a computer file labeled “fake docs.”)

I love it. Stored them in a computer file labeled “fake docs”. What a maroon.

And history will repeat itself for sure. Frauds like this always do.

To read the complete report click here.